Spam4Me wrote:
Hello,
I'm thinking about new way of filtering displayed packets which would be
something like conversation filter of 'follow TCP stream'
but not limited to any criteria
I would give parameter with it value and field name from the same fram e.g.:
#1: gsm_map.address.digits == "48123456789"
#2: tcap.tid
Wireshark would then search any packet which has gsm_map.address.digits
== "48123456789"
and take the value of tcap.tid from this packet an use it as a display
filter.
So if there will be three messages with gsm_map.address.digits ==
"48123456789"
the packet list would display all packets where tcap.tid == #1 ||
tcap.tid == #2 || tcap.tid == #3
Right now i apply diplay filter: gsm_map.address.digits == "48123456789"
and then take any packet which I see in list, right click on tcap.tid
and Prepare a filter -> (or) Selected
It would save me many clicks
MATE:
http://wiki.wireshark.org/Mate
would probably help you do a lot of that.
